b"AUDIT OF THE IMPLEMENTATION OF CORRECTIVE ACTIONS\n\n\n\n\n                Audit Report No. 00-019\n                     May 25, 2000\n\n\n\n\n               OFFICE OF AUDITS\n\n         OFFICE OF INSPECTOR GENERAL\n\x0cFederal Deposit Insurance Corporation                                                            Office of Audits\nWashington, D.C. 20434                                                               Office of Inspector General\n\n\n\n   DATE:            May 25, 2000\n\n   TO:              Vijay Deshpande\n                    Director, Office of Internal Control Management\n\n\n   FROM:            David H. Loewenstein\n                    Assistant Inspector General\n\n   SUBJECT:         Report Entitled Audit of the Implementation of Corrective Actions\n                    (Audit Report No. 00-019)\n\n   The Office of Inspector General (OIG) has completed an audit of the Federal Deposit Insurance\n   Corporation's (FDIC) implementation of corrective actions. Corrective actions originated from\n   recommendations in OIG audit and evaluation reports. The audit covered agreed-upon corrective\n   actions for which final action occurred from January 1, 1998 through June 30, 1999. The audit also\n   covered collections of disallowed costs from audit and evaluation reports issued during this period.\n\n\n   BACKGROUND\n\n   Audit follow-up is an integral part of good management and is a shared responsibility of\n   corporate management officials, the Office of Internal Control Management (OICM), and the Office\n   of Inspector General. Corrective action taken by management on resolved findings and\n   recommendations is essential to improving the effectiveness of FDIC operations. Corrective action is\n   completed when final action has occurred. Final action means the completion of all actions that\n   management has concluded are necessary with respect to the findings and recommendations included\n   in an audit or evaluation report.\n\n    When the OIG issues an audit or evaluation report including findings and recommendations, FDIC\n    management responds with a management decision on the report's recommendations. Management's\n    decision is the evaluation by management of the findings and recommendations and its response to\n    such findings and recommendations, including actions concluded to be necessary together with the\n    expected completion dates for their implementation. The OIG will concur with management's decision\n    if it is to implement the recommended corrective action or an acceptable alternative corrective action.\n    If any recommendation identifies specific monetary benefits, management will respond with the\n    amount agreed with and/or the amount that is disagreed with and the reasons for any disagreement.\n    The amount management agrees to disallow is reported as the disallowed cost. Management will take\n    actions necessary to recover disallowed costs unless management believes it is in the best interests of\n    the FDIC to not pursue collection. Management reports the status of collections on disallowed costs\n    to OICM, and when final action is to not pursue collection, the disallowed costs are reported as\n    written off.\n\x0cOICM has established the Internal Risks Information System (IRIS) as a tracking mechanism to\nprovide a complete record of action on findings and recommendations. Within OICM, the Audit\nFollow-up and Resolution Section has been created as one means to help ensure the prompt and\nproper resolution and implementation of audit recommendations. In addition to monitoring audit\nfollow-up and resolution activities, this section follows up on outstanding audit recommendations over\n1 year old and assists in the resolution of disagreements between audit recommendations and\ncorrective action plans.\n\n\nOBJECTIVE, SCOPE, AND METHODOLOGY\n\nThe objective of this audit was to determine whether FDIC management implemented the agreed-upon\ncorrective actions to audit and evaluation recommendations as reported in IRIS. We did not perform\ntests to determine whether the actions taken were effective in correcting existing weaknesses but only\nto verify that agreed upon corrective actions were implemented. The audit scope included disallowed\ncosts agreed to by management and recommendations for which final corrective action occurred from\nJanuary 1, 1998 through June 30, 1999. During this period, management reported final action on 261\nrecommendations related to 70 audit and evaluation reports, excluding legal fee bill audit reports.\nBecause the legal fee bill audits included only monetary recommendations, they were included only in\nour review of disallowed costs.\n\nOur audit methodology was to select a judgmental sample of 22 audit and evaluation reports from\nwhich management reported final action on 85 recommendations during the audit period. We selected\nour sample to include at least one report on each FDIC division that was the subject of an audit and to\nselect those reports involving the most significant corrective actions. We reviewed IRIS for each audit\nreport in our sample to identify the corrective actions completed by management. We then obtained\ndocumentation from the Internal Control Liaison (ICL) from each division as necessary to determine\nwhether the corrective action had been completed as reported in IRIS. Where the documentation\nprovided by the ICL was not conclusive, we performed testing to verify completion of the corrective\naction.\n\nWe also reviewed the status of collections on disallowed costs for all OIG audit and evaluation reports,\nincluding legal fee bill audit reports, issued from January 1, 1998 through June 30, 1999. When\nmanagement wrote off disallowed costs, we reviewed documentation justifying the write-off.\n\nWe conducted the audit in accordance with generally accepted government auditing standards from\nSeptember 1999 through March 2000.\n\n\n\n\n                                                   2\n\x0cRESULTS OF AUDIT\n\nOur review found that management has been responsive to implementing agreed-upon corrective\nactions. Documentation provided by the ICL and additional testing performed during the audit\nconfirmed information provided in IRIS for each corrective action reviewed in the audit sample. For\neach of the corrective actions, we found that management's efforts related to the corrective action\naddressed the agreed upon corrective action. Table 1 lists the number of audit reports and closed\ncorrective actions in our sample by division.\n\n\n                                                      Table 1\n\n\n                             a                                         Closed Corrective\n          Division/Office            Audit Reports\n                                                                              Actions\n          DIRM                            4                                   21\n          DOA                             5                                   19\n          DOF                             1                                    2\n          DOS                             2                                    3\n          DRR                             5                                   22\n          LEGAL                           1                                    2\n          ODEO                            1                                    1\n          OES                             1                                    8\n          OLA                             1                                    4\n          DCA                             1                                    3\n          TOTAL                          22                                  85\n         Source: OIG Analysis\n\nFDIC management also initiated efforts to collect disallowed costs and involved the Legal Division\nwhen initial collection efforts failed. We found that management justified disallowed costs written off\nby documenting the write-off and including a litigation risk analysis where appropriate. Table 2\nsummarizes the status of disallowed costs by division.\n\n\n\na\n The divisions and offices covered by our review were the Division of Information Resources Management (DIRM),\nDivision of Administration (DOA), Division of Finance (DOF), Division of Supervision (DOS), Division of Resolutions\nand Receiverships (DRR), Legal Division (Legal), Office of Diversity and Economic Opportunity (ODEO), Office of the\nExecutive Secretary (OES), Office of Legislative Affairs (OLA), and Division of Compliance and Consumer Affairs\n(DCA).\n                                                         3\n\x0c                                                      Table 2\n\n\n                       Disallowed                                    In Process of       Costs Written\n          Division                         Costs Recovered\n                          Costs                                       Collection              Off\n         LEGAL           $ 4,048,391              $ 1,827,610           $ 352,122            $ 1,868,659\n         DRR*              3,973,972                 1,130,475            2,705,297               254,794\n         DOA               6,699,443                      9,243           6,690,200                       0\n         DIRM                 293,621                  170,007                       0            123,614\n         TOTAL          $15,015,427               $ 3,137,335           $ 9,747,619          $ 2,247,067\n       Source: OIG Analysis\n\n       * DRR recovered $116,594 in additional costs over the original disallowed costs after issuance of the final audit\n       report based on procedures recommended in the OIG audit report.\n\n\n\nDisallowed costs by the Legal Division related to 63 audits of outside counsel. Of the $1,868,659\nwritten off, the Legal Division did not pursue collection of $593,442 because a law firm that had\nformerly provided legal services to the FDIC had entered bankruptcy. The remaining amounts were\nprimarily based on legal analyses that litigation would not be cost effective. Disallowed costs by the\nDivision of Resolutions and Receiverships related to 14 audits of asset management and liquidation\nactivities. Of the $254,794 written off, $163,705 was not collected because a contractor went out of\nbusiness. The majority of costs disallowed by the Division of Administration relate to three billing\naudits of a contractor. Collections are in process due to an ongoing OIG investigation and litigation\nanalysis. The $123,614 written off by the Division of Information Resource Management (DIRM)\nrelated to a billing audit of a computer systems contractor. DIRM negotiated a settlement and release\nagreement in order to collect the majority of the disallowed costs. All disallowed costs we tested were\nadequately documented and reported to OICM.\n\nBecause we found no significant areas of weakness in FDIC management's implementation of\ncorrective actions, we are making no recommendations in this report.\n\n\n\n\n                                                          4\n\x0c"